Record labels get hollow victory in MP3tunes infringement case

On paper, a Monday ruling represents a partial victory for the recording …

A federal judge today found the online music locker service MP3tunes and its founder Michael Robertson liable for copyright infringement. On paper, that's a victory for lead plaintiff EMI and its fellow record labels. But the judge's decision leaves them with little else to cheer about.

Robertson is a serial entrepreneur and perpetual thorn in the side of the recording industry. His first company, MP3.com, was shut down by the labels a decade ago. MP3tunes has a number of innovative features, including a search engine called sideload.com that allows users to find music on the Web and transfer it directly to their lockers. The recording industry argues that music locker sites are illegal without licenses from copyright holders, and they sued MP3tunes in 2007.

The case is important not only because it could decide the future of MP3tunes itself, but because it will help to establish the ground rules for any future legal disputes over music locker services from Google, Amazon, and others. If Judge William Pauley's reasoning is confirmed on appeal, it will put music locker services on a solid legal foundation.

Music lockers eligible for safe harbor

Under the DMCA, websites are immune from copyright liability if they promptly take down infringing material when notified by copyright holders and meet certain other criteria. MP3tunes argued it qualified for this safe harbor. EMI tried, unsuccessfully, to persuade Judge Pauley otherwise.

The labels argued that MP3tunes was disqualified because it should have known that many of the songs users sideloaded from websites such as rapidshare were infringing. But Judge William Pauley disagreed, arguing that the DMCA imposes no obligation to investigate potentially infringing activity absent a specific complaint from copyright holders. The only exception is links to sites with URLs containing "red flag" words like "pirate" or "bootleg."

EMI also argued that MP3tunes couldn't claim the DMCA safe harbor because it benefitted from its users' infringement and had the ability to control that infringement. But Judge Pauley disagreed. He held that there was no evidence MP3tunes directly profited from users' infringing sideloads. And he held that users, not MP3tunes, controlled which files users placed in their lockers.

In short, if Judge Pauley's reasoning is upheld on appeal, music locker services will have little trouble qualifying for the DMCA's broad immunity from copyright liability.

MP3tunes not off the hook

So why wasn't MP3tunes completely victorious? When EMI notified MP3tunes of specific infringing files on sideload.com, a music search engine operated by MP3tunes, the company removed the listings from search results. However, MP3tunes did not remove the corresponding files from users' lockers.

Judge Pauley ruled that this failure to act despite specific knowledge of infringing activities meant that MP3tunes lost DMCA immunity for those specific files. And he ruled that without the protection of the DMCA, MP3tunes was secondarily liable for helping users infringe the specific works EMI had notified MP3tunes about.

The judge also found MP3tunes founder Michael Robertson personally liable for sideloading some of EMI's copyrighted music to his own MP3tunes music locker from infringing websites.

Deduplication allowed

The ruling contains even more good news for music locker sites and fans of sensible copyright laws. As we reported last month, a key 2008 decision had suggested that locker sites would be more vulnerable to copyright infringement claims if they used deduplication technology to save hard drive space. That ruling was based on the theory that keeping a single "master copy" of a work and sending it to multiple users would constitute an infringing public performance.

Judge Pauley soundly rejected that line of reasoning, writing that "MP3tunes does not use a 'master copy' to store or play back songs stored in its lockers. Instead, MP3tunes uses a standard data compression algorithm that eliminates redundant digital data."

Sherwin Siy of Public Knowledge hailed the ruling, saying it "paves the way for both cloud locker services and integrated media search engines."

Conclusion

It's not clear where the ruling leaves MP3tunes. Judge Pauley's order holds that MP3tunes is liable for failing to remove a few hundred songs from users' lockers, and that Robertson is liable for sideloading infringing music to his personal locker. But the ruling did not specify what penalties MP3tunes would face. Our best guess is that MP3tunes will need to write a big check to EMI, but will be allowed to continue operating the MP3tunes and sideload.com services with minimal changes.

The news is even better for Google and Amazon. Those companies' music locker services do not even offer the broad sideloading functionality that has caused Robertson legal headaches. So if Judge Pauley's reasoning survives appeal, Google and Amazon will be on solid legal ground. Indeed, those companies may even want to start thinking about whether they've been too cautious. For example, they might save a lot of money by taking advantage of the deduplication part of the ruling.

94 Reader Comments

No such thing as too cautious, really. Even operating as they have been, Google and Amazon have been exposing themselves to considerable risk...avoiding deduplication was probably one of the few prudent measures to mitigate liability they took.

Of course, this decision (if upheld) changes the equation significantly.

Definitely a pyrrhic victory for the labels, as the article details. They've "won," but lost on every single point that mattered to them. Any money gained in damages will be lost many, many times over in lost licensing fees they might have hoped to extract from Google and others.

Judge Pauley soundly rejected that line of reasoning, writing that "MP3tunes does not use a 'master copy' to store or play back songs stored in its lockers. Instead, MP3tunes uses a standard data compression algorithm that eliminates redundant digital data."

This quote makes it sound like either 1) MP3tunes did store only one master copy of each song and Judge Pauley didn't understand that or 2) MP3tunes did not store only one master copy of each song or 3) MP3tunes did store only one master copy each song, and Judge Pauley understood that, but intentionally ruled erroneously otherwise because it suited him to do so.

It's not all roses. This means that the Amazon and Google have to be able to delete infringing content when notified it to qualify for safe harbor.

I also doubt Apple feels foolish, because it means they gain the same locker protection when users upload files to iTunes on the cloud.

If for example the labels successfully sue Amazon due to how their current license disallows multiple redistribution (which will occur with Amazon's locker), then Amazon will lose a lot of functionality. Deduplication may not be broadcasting, but streaming multiple copies of a single file to a single user still sounds an awful lot like unauthorized duplication. Google's problem is if any file ever becomes public; as soon as it does, then a takedown notice can occur, whether it's legit or not, and Google has to respond and at the same time must provide some kind of forum for defending the legitimacy of the file.

It's not all roses. This means that the Amazon and Google have to be able to delete infringing content when notified it to qualify for safe harbor.

I also doubt Apple feels foolish, because it means they gain the same locker protection when users upload files to iTunes on the cloud.

If for example the labels successfully sue Amazon due to how their current license disallows multiple redistribution (which will occur with Amazon's locker), then Amazon will lose a lot of functionality. Deduplication may not be broadcasting, but streaming multiple copies of a single file to a single user still sounds an awful lot like unauthorized duplication. Google's problem is if any file ever becomes public; as soon as it does, then a takedown notice can occur, whether it's legit or not, and Google has to respond and at the same time must provide some kind of forum for defending the legitimacy of the file.

I'm curious though - is there some kind of protection, at least in the Google & Amazon models, since only the individual possessing the login & password can access the files, and there is _no_ functionality for sharing files or file details with anyone?

How, exactly, would the record labels be able to determine if content was infringing, unless they illegally gained access to a users account? Even then, who are they to determine if the content is infringing, since both Google and Amazon operate stores that deposit purchased music directly into the same storage locker as any that's uploaded. Since evidence obtained illegally is rarely admissible in court, and a warrant generally requires probable cause, how would a label find out?

Well, it depends if either have a playlist function, for example, or the ability to publish to Google+

If the labels trawled Google+ for indications of pirated material (say a specific tag or group or channel), that would allow for them to notify Google (or Amazon) that an infringing material was present.

Judge Pauley soundly rejected that line of reasoning, writing that "MP3tunes does not use a 'master copy' to store or play back songs stored in its lockers. Instead, MP3tunes uses a standard data compression algorithm that eliminates redundant digital data."

This quote makes it sound like either 1) MP3tunes did store only one master copy of each song and Judge Pauley didn't understand that or 2) MP3tunes did not store only one master copy of each song or 3) MP3tunes did store only one master copy each song, and Judge Pauley understood that, but intentionally ruled erroneously otherwise because it suited him to do so.

So what's really going on at MP3tunes?

No. The Judge got it exactly right:

If there are 100 users who legally have the exact same (bit-wise) song in their lockers it makes no sense to store 100 copies of the same data, so long as the song appears to be 100 (and only 100) copies from a user perspective. This is just a higher order compression algorithm. Saying otherwise would put any compression technology which might be applied across user boundaries at risk, i.e. file-systems that offer compression, compressed backups, etc.

Well, it depends if either have a playlist function, for example, or the ability to publish to Google+

If the labels trawled Google+ for indications of pirated material (say a specific tag or group or channel), that would allow for them to notify Google (or Amazon) that an infringing material was present.

I've been using Google Music in the beta, and as far as I can tell, it's strictly a private service with no Google+ functionality. Of course, I'm not in Google+, so perhaps that's an issue as well.

Amazon doesn't have any sharing functions that I've seen. I've been using both for several months to compare the two. Surprisingly, I prefer Amazon.

True enough, they could trawl - but so far as I'm aware "might" isn't enough; they'd have to be able to identify a specific piece of content, not "let us have access to this user's account because we think they might have infringing content based on 'blah'".

I'm curious though - is there some kind of protection, at least in the Google & Amazon models, since only the individual possessing the login & password can access the files, and there is _no_ functionality for sharing files or file details with anyone?

How, exactly, would the record labels be able to determine if content was infringing, unless they illegally gained access to a users account? Even then, who are they to determine if the content is infringing, since both Google and Amazon operate stores that deposit purchased music directly into the same storage locker as any that's uploaded. Since evidence obtained illegally is rarely admissible in court, and a warrant generally requires probable cause, how would a label find out?

Maybe the labels will start providing the MD5 checksums of all the mp3s available in warez sites, just to harass all music lockers...

I'm curious though - is there some kind of protection, at least in the Google & Amazon models, since only the individual possessing the login & password can access the files, and there is _no_ functionality for sharing files or file details with anyone?

How, exactly, would the record labels be able to determine if content was infringing, unless they illegally gained access to a users account? Even then, who are they to determine if the content is infringing, since both Google and Amazon operate stores that deposit purchased music directly into the same storage locker as any that's uploaded. Since evidence obtained illegally is rarely admissible in court, and a warrant generally requires probable cause, how would a label find out?

Maybe the labels will start providing the MD5 checksums of all the mp3s available in warez sites, just to harass all music lockers...

If all music files were guaranteed to be the same, then that might work. But subtle differences in files, encoding, etc. could mean that the same song might have tens, hundreds, thousands of different MD5 hashes.

Plus I think that would prove to be an unfair burden on the locker sites, seeing as the DMCA requires that you identify the specific individual and/or content that's infringing. Demanding that Amazon and Google constantly scan their storage for MD5 hashes that match (and could, in fact, be legitimate) wouldn't fly, since there's no court precedent for it.

There's no way to say that A&G won't integrate with FaceBook or Google+, however. It's pretty common to see in AIM or iChat the taglines of "Now listening to..."

And as soon as that occurs with these music lockers, then the lawyers have something to latch onto.

Yet the content could be legitimate - Amazon & Google's primary players are Web-based services, followed by Android Apps, neither of which (that I'm aware of) can change your AIM or iChat tag lines. Even if they could, if I'm listening to music that I've purchased legitimately through one of their stores, then I'm not infringing, no matter what the lawyer might think. Not to mention that some 100% legitimate (WinAmp + ShoutCast) programs can also change your tag lines.

And I don't see Amazon getting in bed with Facebook, and with the launch of Google+, I don't think Google will be either.

You misunderstand, when a takedown notice is issued the burden is placed on the service. They should take down the content at the risk of losing safe harbor, until the party in question counternotifies the service. The service is in no position to police, monitor, or measure the legitimacy of the file unless it wants to lose safe harbor.

In other words, it only requires an allegation of infringement for the takedown to occur. It is up to the, unfortunately, end user to prove to Google or Amazon that the file was in fact legit.

If they cannot prove the file was legit, then the file will not be restored.

You misunderstand, when a takedown notice is issued the burden is placed on the service. They should take down the content at the risk of losing safe harbor, until the party in question counternotifies the service. The service is in no position to police, monitor, or measure the legitimacy of the file unless it wants to lose safe harbor.

In other words, it only requires an allegation of infringement for the takedown to occur. It is up to the, unfortunately, end user to prove to Google or Amazon that the file was in fact legit.

This still begs the question as to how the infringement may be detected. I can't see anyone else's files on either Google or Amazon; nor do I see any options to share my content or what I have with anyone else. Absent my account being hacked, I'm not sure how infringing content would be detected. I understand that the burden is on the user to prove the file is legitimate, but I also don't believe that a copyright holder could issue a blanket take-down notice to Google or Amazon for every user of their respective services. They might try, but I could see that getting squashed pretty quick, especially since both services provide ways to acquire legitimate music from their respective stores.

OrangeCream wrote:

If they cannot prove the file was legit, then the file will not be restored.

How does this work if Google or Amazon themselves provided the file if the user purchased it from their respective stores?

Both Google and Amazon deposit the files, when purchased, to the same storage locker as user's own content that they upload is deposited.

Judge Pauley soundly rejected that line of reasoning, writing that "MP3tunes does not use a 'master copy' to store or play back songs stored in its lockers. Instead, MP3tunes uses a standard data compression algorithm that eliminates redundant digital data."

This quote makes it sound like either 1) MP3tunes did store only one master copy of each song and Judge Pauley didn't understand that or 2) MP3tunes did not store only one master copy of each song or 3) MP3tunes did store only one master copy each song, and Judge Pauley understood that, but intentionally ruled erroneously otherwise because it suited him to do so.

So what's really going on at MP3tunes?

At a basic level, compression is taking a longer sequence that is repeated and using a much small sequence to represent it. Which means that that smaller sequence has to reference back to the original, longer sequence at some point.

So... What if I want to create a compression based filesystem? Symbolic and hard links both function as shorter sequences that point back to the original, longer sequences. It's really a matter of perspective -- int his case, zoom out to the filesystem level and think about it that way.

All the digital files in my collection are legal, either rips from CDs I own or free downloads from the artists' sites. Furthermore, I'm not sharing them with anyone (even if I use the Now Playing plugin for IRC). Are they not "legit"?

In every scenario I posited, there has to be a publishing service, either Twitter, FaceBook, Google+, Wordpress, or what have you, that publishes the current song (or playlist) you have.

If that occurs, as I said twice now, the lawyers can issue takedowns and force the end user to prove the content was legitimate, and the lockers have to take down the music until the users can show legitimacy.

There's no way to say that A&G won't integrate with FaceBook or Google+, however. It's pretty common to see in AIM or iChat the taglines of "Now listening to..."

And as soon as that occurs with these music lockers, then the lawyers have something to latch onto.

You can't tell whether or not the copy of music is legitimate from "Now Listening to." Even if you could, those services are going to be opt-in, or at least very easy to opt out of unless they are run by complete morons. If they start catching people through those methods, then people will just opt out of it.

In every scenario I posited, there has to be a publishing service, either Twitter, FaceBook, Google+, Wordpress, or what have you, that publishes the current song (or playlist) you have.

If that occurs, as I said twice now, the lawyers can issue takedowns and force the end user to prove the content was legitimate, and the lockers have to take down the music until the users can show legitimacy.

Yes, of course. Though I would think a judge would look dimly on a take down notice issued solely on the evidence of "Well, your honor, Mr. So-n-So had a "Playing Now tag" of song Blah Blah, and we felt that indicated infringement. With narrow exceptions (unreleased songs being the only one I could think of), I can't see it holding water should it be challenged.

The point I was trying to make is that while this article seems to indicate that with this ruling, if it's upheld, Google and Amazon are on firmer ground, I can't quite see how the ground they were on was shaky to begin with, if infringement can't be detected unless their users are stupid.

The point I was trying to make is that while this article seems to indicate that with this ruling, if it's upheld, Google and Amazon are on firmer ground, I can't quite see how the ground they were on was shaky to begin with, if infringement can't be detected unless their users are stupid.

There's no way to say that A&G won't integrate with FaceBook or Google+, however. It's pretty common to see in AIM or iChat the taglines of "Now listening to..."

And as soon as that occurs with these music lockers, then the lawyers have something to latch onto.

You can't tell whether or not the copy of music is legitimate from "Now Listening to." Even if you could, those services are going to be opt-in, or at least very easy to opt out of unless they are run by complete morons. If they start catching people through those methods, then people will just opt out of it.

You don't have to. The burden is on the user to prove to Google or Amazon that the file is legitimate.

There's no way to say that A&G won't integrate with FaceBook or Google+, however. It's pretty common to see in AIM or iChat the taglines of "Now listening to..."

And as soon as that occurs with these music lockers, then the lawyers have something to latch onto.

You can't tell whether or not the copy of music is legitimate from "Now Listening to." Even if you could, those services are going to be opt-in, or at least very easy to opt out of unless they are run by complete morons. If they start catching people through those methods, then people will just opt out of it.

You don't have to. The burden is on the user to prove to Google or Amazon that the file is legitimate.

You've got to be shitting me. There's no way in hell that that could pass the "good faith" requirement of a DMCA notice.

There's no way to say that A&G won't integrate with FaceBook or Google+, however. It's pretty common to see in AIM or iChat the taglines of "Now listening to..."

And as soon as that occurs with these music lockers, then the lawyers have something to latch onto.

You can't tell whether or not the copy of music is legitimate from "Now Listening to." Even if you could, those services are going to be opt-in, or at least very easy to opt out of unless they are run by complete morons. If they start catching people through those methods, then people will just opt out of it.

You don't have to. The burden is on the user to prove to Google or Amazon that the file is legitimate.

You've got to be shitting me. There's no way in hell that that could pass the "good faith" requirement of a DMCA notice.

I'm sure abuse of the system won't be tolerated, but that's why I mentioned looking for warez tags and such.

OrangerCream - Will you please just not post in any article about Google, Amazon, or anything non-apple...

I think the article is clear - this is good news for content lockers. Reading the TOS for Google and Amazon they clearly state that they have the ability to take down infringing content, etc, etc...

IMO Apple is in the same boat - I am sure their music storage TOS has some similar wording, if not they would not qualify for safe harbor...

And as far as people posting their play-lists, etc it has nothing to do with anything, if I uploaded my music I can listen to it, and tell people what I am listening to... Unless I post the file hashes, and that I illegally uploaded pirated music to my storage locker they would have NOTHING to go on, and would never receive any permission to take down my content.

Amazon and Google services are not peer to peer, there is no file sharing between them, it is a personal file locker...

I'm sure abuse of the system won't be tolerated, but that's why I mentioned looking for warez tags and such.

You are operating under the assumption that there will be any warez tags involved in any significant amount. "Now listening to" is going to generally say the song title and the artist. The best hint you'll get is mislabeled music, which isn't really a hint at all. A legitimate owner of a copy can easily mislabel music as well.

Folks, I'm not a lawyer but I think the implications of the DMCA exception here are narrower than is being suggested in comments. Perhaps this is due to a lack of clarity in my write-up.

In this case, MP3tunes not only knew that a particular sideload.com result was (allegedly) infringing, but it also knew which specific users had sideloaded that specific URL. The judge ruled that MP3tunes had an obligation to remove the file from the lockers of the users who had gotten the file via sideloading.

It's not totally clear from this what would happen if you happen to have an identical file that you uploaded from your own hard drive. But my reading would suggest that MP3tunes would *not* need to remove such files in order to qualify for the safe harbor, because in that case MP3tunes wouldn't have the same degree of certainty that the file was illegal.

I'm sure abuse of the system won't be tolerated, but that's why I mentioned looking for warez tags and such.

You are operating under the assumption that there will be any warez tags involved in any significant amount. "Now listening to" is going to generally say the song title and the artist. The best hint you'll get is mislabeled music, which isn't really a hint at all. A legitimate owner of a copy can easily mislabel music as well.

I was also under the impression that a simple comment which reads, "So-and-so is listening to ________" on a social media post cannot be evidence enough for some lawyer to issue a take down notice. You have this same functionaliy on IRC, AIM and any other "social media" application. You could have it for a Twitter feed (that would get annoying fast) or an FB update. Regardless of where or how, there is no way anyone can prove beyond a reasonable doubt that the person has infringed upon any copyright. As long as said media is not "redistributed" and said media is "stored in private", then where's the harm? There is none.

There's also the case of listening to music not yet available for sale but available through bootleg channels.

This is an edge case, but you're right -- a social media post of "Alice is now listening to Secret Unreleased Song by The Popstars on Google Music." is probably enough evidence to send a DMCA takedown notice in good faith.

I don't see this edge case mattering much in the grand scheme of things, though. Do you?

There's a case scenario that gets even more interesting if you think about it. MP3tunes was held liable for copyright infringement when they didn't remove files from an individual users' folders. However, I would think that doing so would run afoul of laws regarding entrance into personal space. For example, if I rent a storage locker IRL, I can put whatever I want to put into it. If the office of the company I rent the locker from is notified that a piece of stolen property is in the locker by a 3rd party (let's say, your friend John), they do NOT have the legal right to enter the locker and remove the stolen property. Only law enforcement can compel them to open the locker, with a warrant. It's a privately rented storage space. Public access isn't allowed. To my mind, that is exactly the same analogy for "digital locker" services. It's private, rented space.

While everyone's debating on how DMCA Safe Harbor works, let me be the first to applaud Good Judge William Pauley for understanding that deduplication is not in and of itself, a copyright infringement mechanism, but a technical solution to solve storage problems, regardless of the deduplicated data.

This will not make the music industry happy...and anything that does not make them happy, is good for us.

This makes us at MAFIAAFire happy...

And this also makes gorehound very happy.I will smoke a nice joint of my legal medical marijuana and i would drink a toast but alas i can't because of HEP-C and my liver.When MAFIAAFire is happy then know gorehound is also happy.

MAFIAA suck my Welsh Corgi's dirty butt !!!That is all you big content will ever get from me.Buy Used stuff and stop feeding those pigs.

Timothy B. Lee / Timothy covers tech policy for Ars, with a particular focus on patent and copyright law, privacy, free speech, and open government. His writing has appeared in Slate, Reason, Wired, and the New York Times.